From owner-freebsd-questions@FreeBSD.ORG Sun Nov 4 16:15:34 2007 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id D579916A41B for ; Sun, 4 Nov 2007 16:15:34 +0000 (UTC) (envelope-from jackbarnett@gmail.com) Received: from rv-out-0910.google.com (rv-out-0910.google.com [209.85.198.189]) by mx1.freebsd.org (Postfix) with ESMTP id F13DE13C4AC for ; Sun, 4 Nov 2007 16:15:33 +0000 (UTC) (envelope-from jackbarnett@gmail.com) Received: by rv-out-0910.google.com with SMTP id l15so1108176rvb for ; Sun, 04 Nov 2007 08:15:21 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:reply-to:user-agent:mime-version:to:cc:subject:references:in-reply-to:content-type:content-transfer-encoding; bh=o7f36LRG4YyGyo3oJQHdlwKwPNdEEHDxV+pAz8gJSJw=; b=FSjf2nkA9wr+p2l16VygHEUPFZDMYe66FkaPfCE1j/ie1GuQKnK+fZ+ySQ3xDzrwzV3vvtIm2DWrI+Yhvsuey+DBrqn5QwP/UYrBHvyJx8yVI4huThjyuD/fhXfpGOtB8JgVVwL4/gV+IPT4WDko6V80mnn9IrIknGRWbj3Cq6U= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:reply-to:user-agent:mime-version:to:cc:subject:references:in-reply-to:content-type:content-transfer-encoding; b=GVlC8dMgyQQ3P1bKuKYo27PykqAuZbf6k7amgKwF9gkzXHFUZozI/MTUvQ5AjD8WKHlA7EKIKy+Q96NV54lVSAguuTIB3h36xAHTNu9/bf2SfXNX4MUSuF8f3CHkF6r5l9RxxBXZV8fpYeNYw4EwDFU/WQ12LwjKqdu1aJ4WTQY= Received: by 10.141.133.14 with SMTP id k14mr1902000rvn.1194192921163; Sun, 04 Nov 2007 08:15:21 -0800 (PST) Received: from ?192.168.17.10? ( [67.190.229.42]) by mx.google.com with ESMTPS id q30sm3660291wrq.2007.11.04.08.15.19 (version=TLSv1/SSLv3 cipher=RC4-MD5); Sun, 04 Nov 2007 08:15:19 -0800 (PST) Message-ID: <472DF016.30706@gmail.com> Date: Sun, 04 Nov 2007 10:15:18 -0600 From: Jack Barnett User-Agent: Thunderbird 2.0.0.6 (Windows/20070728) MIME-Version: 1.0 To: deeptech71@gmail.com References: <472AF4FF.9000803@gmail.com> <20071102141525.19a05fc7@gumby.homeunix.com.> <472B6552.9060602@gmail.com> <472B9DA8.6000800@gmail.com> In-Reply-To: <472B9DA8.6000800@gmail.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-questions@freebsd.org Subject: Re: IPFW Rules and Games X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: jackbarnett@gmail.com List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 04 Nov 2007 16:15:34 -0000 deeptech71@gmail.com wrote: > So basically the ruleset should be simple: > > ipfw -f flush > # allow lo0 stuff > # block some spoofs/attacks > # if you are hosting gameservers from 192.168.17.3 or whatever, > # you should (manually) open server ports, in other words, add > # routes to 192.168.17.3 to specific server ports > ipfw add divert natd all from any to any via $outside_interface > allow all from any to any > # block some more spoofs/attacks :) > # define services (like you did with http) Sorry, this didn't work.